CVE-2026-34933

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version 0.9-rc4.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/avahi/avahi/commit/625ca0fac19229f6dfa3a6c6b698ae657187e50c	Patch
https://github.com/avahi/avahi/pull/891	Issue Tracking Patch
https://github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvc	Exploit Patch Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/04/11/9	Exploit Mailing List Third Party Advisory
https://github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvc	Exploit Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:avahi:avahi::::::::
	cpe:2.3:a:avahi:avahi:0.9:rc1::::::
	cpe:2.3:a:avahi:avahi:0.9:rc2::::::
	cpe:2.3:a:avahi:avahi:0.9:rc3::::::

History

13 Apr 2026, 17:26

Type	Values Removed	Values Added
References	~~() https://github.com/avahi/avahi/commit/625ca0fac19229f6dfa3a6c6b698ae657187e50c -~~	() https://github.com/avahi/avahi/commit/625ca0fac19229f6dfa3a6c6b698ae657187e50c - Patch
References	~~() https://github.com/avahi/avahi/pull/891 -~~	() https://github.com/avahi/avahi/pull/891 - Issue Tracking, Patch
References	~~() https://github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvc -~~	() https://github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvc - Exploit, Patch, Vendor Advisory
References	~~() http://www.openwall.com/lists/oss-security/2026/04/11/9 -~~	() http://www.openwall.com/lists/oss-security/2026/04/11/9 - Exploit, Mailing List, Third Party Advisory
CPE		cpe:2.3:a:avahi:avahi:0.9:rc1:::::: cpe:2.3:a:avahi:avahi:0.9:rc2:::::: cpe:2.3:a:avahi:avahi:::::::: cpe:2.3:a:avahi:avahi:0.9:rc3::::::
First Time		Avahi Avahi avahi

11 Apr 2026, 19:16

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2026/04/11/9 -

06 Apr 2026, 17:17

Type	Values Removed	Values Added
References	~~() https://github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvc -~~	() https://github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvc -

03 Apr 2026, 23:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-03 23:17

Updated : 2026-04-13 17:26

NVD link : CVE-2026-34933

Mitre link : CVE-2026-34933

CVE.ORG link : CVE-2026-34933

JSON object : View

Products Affected

avahi

avahi

CWE

CWE-617

Reachable Assertion

5.5 /10